npm - @contrast/agent-bundle - Versions diffs - 5.40.0 → 5.41.0 - Mend

@contrast/agent-bundle 5.40.0 → 5.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/lib/rewrite-is-deadzoned.js DELETED Viewed

@@ -1,143 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { sep } = require('path');
-// todo: find optimal way to do these lookups
-const DEADZONED_PATHS = [
-  'ast-types', // CONTRAST-33909: `String` injection causes this module to crash.
-  'angular',
-  'acorn',
-  'archiver',
-  'archiver-utils',
-  'bcrypt',
-  'bcrypt-nodejs',
-  'bcryptjs', // node_modules/bcryptjs/index.js, node_modules/bcryptjs/dist/bcrypt.js
-  '@babel', // this should handle all namespaced packages
-  'babel',
-  'babel-cli',
-  'babel-core',
-  'babel-traverse',
-  'babel-generator',
-  'babylon',
-  'bn.js',
-  'browserify',
-  'bson',
-  'bunyan',
-  'chai', // not sure why chai was rewritten
-  'coffeescript',
-  'compression',
-  '@cyclonedx',
-  'etag',
-  // 'cookie', // todo: verify this doesn't break sources/propagation (*)
-  // 'cookie-signature', // (*)
-  'gzippo', //  149 weekly downloads
-  // 'handlebars', // (*)
-  'handlebars-precompiler',
-  // 'hbs', // ditto
-  'html-webpack-plugin',
-  'iconv-lite',
-  'jquery',
-  'jsrsasign',
-  'less',
-  // 'dustjs-linkedin', // todo
-  'logger-console', // 2 weekly downloads
-  'loopback-datasource-juggler',
-  'moment',
-  'moment-timezone',
-  'node-forge',
-  'node-webpack',
-  'pem',
-  'react',
-  'react-dom', // doesn't this cover the next line?
-  //'react-dom/server',
-  'requirejs',
-  'semver',
-  'strong-remoting',
-  'type-is',
-  'uglify-js',
-];
-// maybe make the value an object for more complex strategies in the future
-// NOTE: they key should appear in the list above as well. if it's not there
-// then this object will never be checked.
-const CUSTOM_REWRITERS = {
-  'acorn': 'no-propagation',
-  'archiver': 'no-propagation',
-  'babel-core': 'no-propagation',
-  '@babel': 'no-propagation',
-  'bcryptjs': 'no-propagation',
-  'bson': 'no-propagation',
-  'coffeescript': 'no-propagation',
-  'jsrsasign': 'no-propagation',
-  'less': 'no-propagation',
-  '@cyclonedx': 'no-propagation',
-};
-const nodeModules = `${sep}node_modules${sep}`;
-function rewriteIsDeadzoned(absolutePath) {
-  // we should only match the last node_modules folder
-  const startingPoint = absolutePath.lastIndexOf(nodeModules) + nodeModules.length;
-  for (const path of DEADZONED_PATHS) {
-    const start = absolutePath.indexOf(path, startingPoint);
-    // we return the name of the deadzoned module if it is found
-    if (start >= 0 && (start + path.length === absolutePath.length || absolutePath[start + path.length] === sep)) {
-      return path;
-    }
-  }
-  return undefined;
-}
-// the next function is used if/when we implement custom rewrite strategies.
-// NODE-3512 implements that and this was taken from there.
-/**
- * Returns an array with a package name and that package's rewrite strategy.
- * The package name is only returned the package strategy is not 'default'.
- * Strategies:
- * - 'default': rewrite the module using the original, default rewriter
- * - 'deadzone': do not rewrite the module
- * - 'no-propagation': rewrite the module with the no-propagation rewriter
- *
- * why does this return the package name? mostly just because it had to extract
- * it from the path, so returning means the caller doesn't have to.
- *
- * @param {string} absolutePath
- * @returns {[string | undefined, 'default' | 'deadzone' | 'no-propagation']}
- */
-function getPackageRewriteStrategy(absolutePath) {
-  const pkg = rewriteIsDeadzoned(absolutePath);
-  if (!pkg) {
-    return [undefined, 'default'];
-  }
-  const strategy = CUSTOM_REWRITERS[pkg];
-  if (strategy && process.env.CSI_USE_CUSTOM_REWRITERS) {
-    return [pkg, strategy];
-  }
-  return [pkg, 'deadzone'];
-}
-module.exports = {
-  DEADZONED_PATHS,
-  CUSTOM_REWRITERS,
-  rewriteIsDeadzoned,
-  getPackageRewriteStrategy,
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/package.json DELETED Viewed

@@ -1,30 +0,0 @@
-{
-  "name": "@contrast/rewriter",
-  "version": "1.29.0",
-  "description": "A transpilation tool mainly used for instrumentation",
-  "license": "SEE LICENSE IN LICENSE",
-  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
-  "files": [
-    "lib/",
-    "!*.test.*",
-    "!tsconfig.*",
-    "!*.map"
-  ],
-  "main": "lib/index.js",
-  "types": "types/index.d.ts",
-  "engines": {
-    "npm": ">=6.13.7 <7 || >= 8.3.1",
-    "node": ">= 16.9.1"
-  },
-  "scripts": {
-    "test": "bash ../scripts/test.sh"
-  },
-  "dependencies": {
-    "@contrast/agent-swc-plugin": "3.0.0",
-    "@contrast/common": "1.33.0",
-    "@contrast/config": "1.48.0",
-    "@contrast/core": "1.53.0",
-    "@contrast/logger": "1.26.0",
-    "@swc/core": "1.11.24"
-  }
-}

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/LICENSE DELETED Viewed

@@ -1,12 +0,0 @@
-Copyright: 2025 Contrast Security, Inc
-Contact: support@contrastsecurity.com
-License: Commercial
-NOTICE: This Software and the patented inventions embodied within may only be
-used as part of Contrast Security’s commercial offerings. Even though it is
-made available through public repositories, use of this Software is subject to
-the applicable End User Licensing Agreement found at
-https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
-between Contrast Security and the End User. The Software may not be reverse
-engineered, modified, repackaged, sold, redistributed or otherwise used in a
-way not consistent with the End User License Agreement.

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/constants.js DELETED Viewed

@@ -1,26 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const PATCH_TYPES = {
-  // a patch related to retaining or applying async context
-  ASYNC_CONTEXT: 'async context',
-  FRAMEWORK: 'framework',
-};
-module.exports = {
-  PATCH_TYPES
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/index.d.ts DELETED Viewed

@@ -1,46 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-import { RequestStore } from '@contrast/common';
-import { AsyncLocalStorage } from 'async_hooks';
-export interface Sources extends AsyncLocalStorage<RequestStore> {}
-export interface InstrumentationStore {
-  name: string;
-  lock: boolean;
-}
-export interface Instrumentation
-  extends AsyncLocalStorage<InstrumentationStore> {
-  isLocked(): boolean;
-}
-export interface Scopes {
-  sources: Sources;
-  instrumentation: Instrumentation;
-  wrap<TArgs extends any[], TReturnValue>(
-    callback: (...args: TArgs) => TReturnValue
-  ): (...args: TArgs) => TReturnValue;
-  install(): Promise<void>;
-}
-interface Core {
-  scopes: Scopes;
-}
-declare function init(core: Core): Scopes;
-export = init;

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/index.js DELETED Viewed

@@ -1,70 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { AsyncLocalStorage } = require('async_hooks');
-const { Core } = require('@contrast/core/lib/ioc/core');
-module.exports = Core.makeComponent({
-  name: 'scopes',
-  factory(core) {
-    core.scopes = {};
-    const sources = new AsyncLocalStorage();
-    const instrumentation = new AsyncLocalStorage();
-    // If not enabled or no store then we are NOT locked - not opt-in
-    instrumentation.isLocked = function() {
-      return !!instrumentation.getStore()?.lock;
-    };
-    /**
-     * Wraps a given callback to be run in the AsyncLocalStorages that were active during the wrapping
-     * @param {function} cb the callback that is to be wrapped
-     * @return {function} the callback wrapped in .run() methods from the active AsyncLocalStorages
-     */
-    function wrap(cb) {
-      let fn = cb;
-      for (const storage of [instrumentation, sources]) {
-        const store = storage.getStore();
-        if (store) {
-          const _fn = fn;
-          fn = function(...args) {
-            return storage.run(store, _fn.bind(this), ...args);
-          };
-        }
-      }
-      if (fn !== cb) {
-        Object.defineProperty(fn, 'name', { value: cb?.name, writable: false });
-      }
-      return fn;
-    }
-    const install = () => {
-      require('./install')(core).install();
-    };
-    Object.assign(core.scopes, {
-      sources,
-      instrumentation,
-      wrap,
-      install
-    });
-    return core.scopes;
-  }
-});

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/bluebird.js DELETED Viewed

@@ -1,128 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { ASYNC_CONTEXT } = require('../constants').PATCH_TYPES;
-/**
- * Exports a function handling the patching of `mysql` and `mysql2` packages
- * @param {Object} core the core Contrast object in v5
- * @param {Object} core.depHooks instance of @contrast/depHooks
- * @param {Object} core.patcher instance of @contrast/patcher
- * @param {Object} hooks the relevant hooks that are to be used in the patching, found in ./hooks.js
- * @param {function} patchConfigHook hook for setting the config option asyncHooks: true
- * @param {function} addCallbacksHook hook for .addCallbacks method
- */
-module.exports = ({ depHooks, patcher, logger, scopes: { wrap } }) => {
-  function install() {
-    depHooks.resolve({ name: 'bluebird', version: '<4' }, (bluebird) => {
-      patchConfig(bluebird);
-      patchAddCallbacks(bluebird);
-      patchGetNewLibraryCopy(bluebird);
-    });
-  }
-  /**
-   * This forces bluebird to use async hooks.
-   * This is to ensure our AsyncStorage will
-   * properly bind bluebird Promises when running
-   * in a Scope(request, propagator, no instrumentation)
-   *
-   * http://bluebirdjs.com/docs/api/promise.config.html#async-hooks
-   */
-  function patchConfig(bluebird) {
-    if (typeof bluebird.config === 'function') {
-      bluebird.config({ asyncHooks: true });
-      patcher.patch(bluebird, 'config', {
-        name: 'bluebird.config',
-        patchType: ASYNC_CONTEXT,
-        pre: patchConfigHook,
-      });
-    }
-  }
-  /**
-   * Even with async_hooks option set we still need to bind callbacks to our CLS
-   * namespace.
-   */
-  function patchAddCallbacks(bluebird) {
-    if (bluebird.prototype && bluebird.prototype._addCallbacks) {
-      patcher.patch(bluebird.prototype, '_addCallbacks', {
-        name: 'bluebird.prototype._addCallbacks',
-        patchType: ASYNC_CONTEXT,
-        pre: addCallbacksHook(),
-      });
-    } else {
-      logger.warn('skip patching bluebird.prototype._addCallbacks');
-    }
-  }
-  /**
-   * Ensures that new library copies are also instrumented.
-   * @param {function} bluebird the library export
-   */
-  function patchGetNewLibraryCopy(bluebird) {
-    if (typeof bluebird.getNewLibraryCopy !== 'function') {
-      return;
-    }
-    patcher.patch(bluebird, 'getNewLibraryCopy', {
-      name: 'bluebird.getNewLibraryCopy',
-      patchType: ASYNC_CONTEXT,
-      post(data) {
-        patchAddCallbacks(data.result);
-      },
-    });
-  }
-  /**
-   * Hook for setting the config options
-   * @param {string} data the argument for the preHook
-   */
-  function patchConfigHook(data) {
-    const opts = data.args[0];
-    if (opts) {
-      opts.asyncHooks = true;
-    }
-  }
-  function addCallbacksHook() {
-    /**
-     * Binds callback to the relevant AsyncStorage.
-     * @param {object} data the argument for the preHook
-     * @param {object} data.args the arguments passed to `._addCallbacks` method
-     */
-    return function ({ args, funcKey, name }) {
-      try {
-        // bind every function argument
-        for (let idx = 0; idx < args.length; idx++) {
-          if (typeof args[idx] !== 'function') {
-            continue;
-          }
-          // we bind the initial context of the function to be available inside ours
-          args[idx] = wrap(args[idx]);
-        }
-      } catch (err) {
-        logger.warn({ err, funcKey }, 'An error occurred in %s', name);
-      }
-    };
-  }
-  return {
-    install
-  };
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/index.js DELETED Viewed

@@ -1,34 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-module.exports = function (core) {
-  /**
-   * Setup known required patches
-   */
-  const asyncStorageHooks = {
-    install() {
-      require('./mysql')(core).install();
-      require('./redis')(core).install();
-      require('./mongodb-core')(core).install();
-      require('./mongodb3')(core).install();
-      require('./mongodb4')(core).install();
-      require('./bluebird')(core).install();
-    },
-  };
-  return asyncStorageHooks;
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/mongodb-core.js DELETED Viewed

@@ -1,83 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { PATCH_TYPES: { ASYNC_CONTEXT } } = require('../constants');
-const { resolveCallbackIndex } = require('../utils');
-/**
- * Exports a function handling the patching of `mongodb-core` package
- * @param {Object} core the core Contrast object in v5
- */
-module.exports = function (core) {
-  const { depHooks, patcher, logger, scopes: { wrap } } = core;
-  const mongoDBCoreServer = { name: 'mongodb-core', version: '<4', file: 'lib/topologies/server.js' };
-  const mongoDBCoreCursor = { name: 'mongodb-core', version: '<4', file: 'lib/cursor.js' };
-  function install() {
-    depHooks.resolve(
-      mongoDBCoreServer,
-      (server) => {
-        const methods = ['command', 'insert', 'update', 'remove', 'logout'];
-        methods.forEach((method) =>
-          patcher.patch(server.prototype, method, {
-            name: `mongodb-core.${server.prototype.constructor.name}.prototype.${method}`,
-            patchType: ASYNC_CONTEXT,
-            pre: methodHook(),
-          })
-        );
-      }
-    );
-    depHooks.resolve(
-      mongoDBCoreCursor,
-      (cursor) => {
-        const method = 'next';
-        patcher.patch(cursor.prototype, method, {
-          name: `mongodb-core.${cursor.prototype.constructor.name}.prototype.${method}`,
-          patchType: ASYNC_CONTEXT,
-          pre: methodHook(),
-        });
-      }
-    );
-  }
-  /**
-   * Returns a function/hook to be used with a given mongodb-core/mongodb method
-   * @param {string} method the method for hooking
-   * @param {object} hookedModule instance of mongoDBCoreServer
-   * @return {function} a preHook for the given mongodb-core method
-   */
-  function methodHook() {
-    /**
-      * Binds callback (when present) to the relevant AsyncStorage.
-      * @param {object} data the argument for the preHook
-      * @param {object} data.args the arguments passed to hooked method
-      */
-    return function ({ args, funcKey, name }) {
-      try {
-        const indexOfCallback = resolveCallbackIndex(args);
-        args[indexOfCallback] = wrap(args[indexOfCallback]);
-      } catch (err) {
-        logger.warn({ err, funcKey }, 'An error occurred in %s', name);
-      }
-    };
-  }
-  return {
-    install
-  };
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/mongodb3.js DELETED Viewed

@@ -1,89 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { PATCH_TYPES: { ASYNC_CONTEXT } } = require('../constants');
-const { resolveCallbackIndex } = require('../utils');
-/**
- * Exports a function handling the patching of `mongodb` package for v3.3.0 up to v4.0.0, excluding
- * @param {Object} core the core Contrast object in v5
- */
-module.exports = function (core) {
-  const { depHooks, patcher, logger, scopes: { wrap } } = core;
-  const mongoDBTopologyBase = { name: 'mongodb', file: 'lib/topologies/topology_base.js', version: '>=3.3.0 <4' };
-  const mongoDBTNativeTopology = { name: 'mongodb', file: 'lib/topologies/native_topology.js', version: '>=3.3.0 <4' };
-  const mongoDBCursor = { name: 'mongodb', file: 'lib/cursor.js', version: '>=3.3.0 <4' };
-  function install() {
-    depHooks.resolve(mongoDBTopologyBase, (tpl) => {
-      const methods = ['command', 'insert', 'update', 'remove'];
-      methods.forEach((method) => {
-        patcher.patch(tpl.TopologyBase.prototype, method, {
-          name: `mongodb.TopologyBase.prototype.${method}`,
-          patchType: ASYNC_CONTEXT,
-          pre: methodHook()
-        });
-      });
-    });
-    depHooks.resolve(mongoDBTNativeTopology, (tpl) => {
-      const methods = ['command', 'insert', 'update', 'remove'];
-      methods.forEach((method) => {
-        patcher.patch(tpl.prototype, method, {
-          name: `mongodb.NativeTopology.prototype.${method}`,
-          patchType: ASYNC_CONTEXT,
-          pre: methodHook()
-        });
-      });
-    });
-    depHooks.resolve(
-      mongoDBCursor,
-      (cursor) => {
-        patcher.patch(cursor.prototype, '_next', {
-          name: 'mongodb.Cursor.prototype._next',
-          patchType: ASYNC_CONTEXT,
-          pre: methodHook(),
-        });
-      });
-  }
-  /**
-   * Returns a function/hook to be used with a given mongodb-core/mongodb method
-   * @param {string} name the method for hooking
-   * @return {function} a preHook for the given mongodb-core method
-   */
-  function methodHook() {
-    /**
-      * Binds callback (when present) to the relevant AsyncStorage.
-      * @param {object} data the argument for the preHook
-      * @param {object} data.args the arguments passed to hooked method
-      */
-    return function ({ args, funcKey, name }) {
-      try {
-        const indexOfCallback = resolveCallbackIndex(args);
-        args[indexOfCallback] = wrap(args[indexOfCallback]);
-      } catch (err) {
-        logger.warn({ err, funcKey }, 'An error occurred in %s', name);
-      }
-    };
-  }
-  return {
-    install
-  };
-};